EOF - If You Don't Believe in DRM, It Can't Hurt You

The last time I talked with Martin Fink, HP's Vice
President of Linux, the problem on his mind was
digital rights management (DRM) and if it could ever
be compatible with free software. It's a puzzling
question, but Martin, like everyone else in the Linux
business, can find better problems to work on.

DRM is any technology that selectively disables
features or affordances of a program or device in
order to control use of a copy of information by
the owner or authorized user of the copy. Think
“unrippable” CDs for the home market or, on the
office side, e-mail software that lets someone who
sends you mail disable your forward or print
function.

A coin-operated jukebox is not DRM, and chmod 600
my-secret-file.txt on a multiuser system is not DRM.
Those technologies exclude only unauthorized users.
DRM starts when the technology begins nit-picking
about what you can do. For example, “play only on
example.com's media player” is DRM. Certainly such
a system helps example.com hang onto its customers,
but there's no demand for it.

In this crazy business of ours, every once in a
while, companies go into a frenzy to sell technology
that doesn't work to customers who don't want it.
In the 1990s, did customers want overpriced UNIX from
bickering vendors or stable-any-day-we-promise Windows
NT? Sorry, neither one works for us. Support Linux,
please. Or on-line services. AOL or Compuserve?
We'll take the Internet, thanks.

When I met Intel VP Donald Whiteside a while back,
he summed up the IT industry party line on DRM.
IT companies have to do DRM in order to work with the
“consumer electronics”, movie and record companies
who put together media standards. He said computer
DVD drives are so locked down because the DVD Copy
Control Association would have refused to license
the DVD format for computer drives otherwise.

Mr Whiteside is too modest about the IT industry's
negotiating position. People started shifting their
leisure time from big-budget TV productions to the
slow-loading, frustrating Internet long before the big
entertainment industry made it there. And the big
copyright holders make pie-in-the-sky DRM demands,
but a little Internet Movie Database search of
actual DVD release dates show a different story in
the real world.

The five top grossing movies for 1998, before the
DVD descrambling story broke, took an average of 367
days after first release to come out in DVD format.
By 2000, disinfecting DVDs was common knowledge
in tech circles, but the top five movies for 2000
actually came out sooner after theatrical release—252 days.

The story is the same for before and after the “DVD
X Copy” application for Microsoft Windows—from
190 days in 2002, before it came out, to 160 days
during 2003 when it was available. Yes, the movie
industry has an infringement problem, and they might
even be releasing DVDs sooner than they would want in
order to compete with infringing copies. But the DRM
features of the DVD itself are a pointless sideshow.

The other hyped-up use for DRM is at the office.
Deploy DRM and you can keep employees from forwarding
embarrassing e-mail to the media. That sounds like
the answer to network-illiterate managers' prayers,
but if it's juicy enough to leak, it's juicy enough
to write down and retype. Bill Gates of Microsoft,
in an interview with gizmodo.com, tried to pitch
DRM using the example of an HIV test result, which
is literally one bit of information. If you hired
someone untrustworthy enough to leak that but unable
to remember it, you don't need DRM, you need to fix
your hiring process.

When I talk to working IT professionals, the trend
is to open up information “behind the firewall”
at a company—not lock it down. People aren't
worried about how to DRM-ize everything. Instead,
I'm seeing enterprise Wikis. “Enterprise Wiki” still
sounds funny, but companies with lots of trade secrets
are rolling them out. “Edit this Page” adds value,
and DRM has the opposite effect.

Even the mighty US Army is adopting
discussion-friendly social software. Doc Searls sent
me a link to Dan Baum's great New Yorker article
about Companycommand.com and Platoonleader.org,
which two Army captains started as a side project
to exchange advice outside the normal channels.
The Army promoted them and brought the sites in-house.

What if I'm wrong, DRM really is the Next Big Thing,
and the herd of IT vendors is right for the first time
in history? Network effects practically guarantee
that one DRM system will be a global standard.
Picking the winner, though, depends on unpredictable
DRM-circumvention efforts by security researchers
worldwide.

And when even a PC operating system can be an
“essential facility” to be regulated on antitrust
grounds, DRM that actually worked would be too
much power for governments to let anyone else have.
Win the DRM war, and the prize is becoming a regulated
industry like the pre-breakup AT&T. Martin Fink
doesn't want Linux users to miss the DRM boat.
I'll miss that ship of fools any day.

Absolutely. The fact is, if pirates (or even the merely curious and bored) want to break something, it will be broken and, probably, distributed in a broken form. People who are willing to circumvent the law will get the broken (ie, fully functional) version; people who are "honest" get the function-limited version. By paying for the genuine article they receive a product of lesser value. So where is the incentive to be honest?

You can convey the result in less than one bit of actual data if you compress it along with other stuff. For example, assume 1 in 16 of 15000 independent tests are positive and you want to encode these 15000 bits. Without even getting into serious compression algorithms, let's pack results in groups of two:
0 both negative
100, 101 one or the other positive
11 both negative
This crappy code uses an average of 0.5*(225/256)+1.5*(15/256)*2+1*(1/256), that is (112.5+45+1)/256 =
0.619, bits per input bit.